HolboxAI LogoHolboxAI
PRIVACY POLICY

Summertown Software LLP Privacy Policy

This privacy policy sets out how Summertown Software LLP collects, uses, discloses, and protects your personal data when you use our website, services, AI platform, and related offerings.

Effective Date: (to be filled)

Quick Navigation

1. Important Information2. Contact Details3. Data We Collect4. How We Collect Data5. How We Use Data6. Data Disclosures7. International Transfers8. Data Security9. Data Retention10. Your Rights11. Cookies & Tracking14. Contact & Complaints

1. Important Information and Who We Are

Data Controller

Summertown Software LLP is the data controller for the personal data collected through our website and services (unless otherwise stated). When we act as a processor (e.g. under contract for our clients), we will process personal data in accordance with their documented instructions.

Purpose of this Policy

This Policy tells you about:

  • what personal data we may collect;
  • how we use it;
  • who we might share it with;
  • your rights;
  • security, retention, and cross-border transfers; and
  • how to contact us.

This Policy supplements any other notices or agreements where we collect or use your data specifically (e.g. in contracts, service‐level agreements, job applications etc.).

Jurisdiction / Applicable Laws

Depending on your location, data protection laws may differ (for example GDPR in the European Economic Area, CCPA in California, etc.). We aim to comply with applicable laws in the regions where we operate or have clients.

2. Contact Details

If you have questions about this Policy or want to exercise your data rights, you can contact:

Email: admin@holbox.ai

You also have the right to lodge a complaint with relevant supervisory authorities in your jurisdiction.

3. Data We Collect About You

We may collect the following categories of personal data:

CategoryExamples
Identity DataName, title, date of birth (if relevant), username, or similar identifiers
Contact DataEmail address, telephone number, company name, mailing address
Account / Usage DataLogin details, account settings, usage metrics of our platform (pages visited, features used, time spent etc.)
Technical DataIP address, browser type & version, device type, operating system, device identifiers, domain, access times, network logs
Profile / Preference DataJob role, interests, preferences, communication preferences
Transactional / Financial DataBilling information, payment history (if you purchase services)
Communications DataRecords of correspondence, support requests, feedback, survey responses
AI-specific DataData you input into our AI tools (text, documents, uploaded files, prompts), outputs generated, usage logs. Depending on client configurations, possibly model training data (if agreed), metadata.
Special Categories / Sensitive DataAs needed, e.g. health-related information, biometric data, race/ethnicity etc. Only if you provide it and with explicit consent, or under legal bases permitted.

We may also process aggregated or anonymised data, for analytics, improvement of service, research, etc., which does not identify you.

4. How We Collect Your Data

We collect data via:

  • Direct interactions — When you sign up, request a demo, contact support, engage sales, or otherwise correspond with us.
  • Automated / Technical means — Cookies, log files, usage tracking, analytics tools, monitoring of platform behaviour.
  • Uploaded data — Files, prompts, documents, audio, images, other content you supply to the platform.
  • Third parties / public sources — Partners, service providers, publicly available information, referrals, social media.
  • Contracts / legal obligations — In cases where we need information to perform contractual obligations or to comply with law.

5. How We Use Your Personal Data

We use your data for the following purposes (and legal bases):

PurposeWhat We DoLegal Basis
Service deliveryProviding you access to our platform, features, performing the contract between you and us, onboarding, supportContract performance
Account managementManaging your account, billing, subscription etc.Contract performance / legal obligations
Customer and user communicationsResponding to inquiries, support, updates, notificationsLegitimate interest / consent
Improvement & developmentMonitoring usage, diagnosing issues, improving platform, feature development, AI model improvement (as per terms)Legitimate interest / consent (where required)
Security, Fraud prevention, ComplianceEnsuring system security, detecting misuse, complying with laws, auditsLegal obligations / legitimate interest
Marketing and promotionsSending you information about products or services we believe you may be interested in, provided you have consented (or where permitted under law)Consent / legitimate interest
Analytics and researchAggregated statistics, internal research, measuring and understanding usageLegitimate interest (or consent if required)
Legal obligationsTaxes, data protection laws, regulatory compliance etc.Legal obligations

You may have choices or rights to opt-out of certain uses (especially marketing or profiling) — see the "Your Rights" section.

6. Disclosures of Your Personal Data

We may share your data with:

  • Affiliates/subsidiaries of Summertown Software LLP if needed for operations.
  • Service providers/contractors who help with hosting, payment processing, customer support, analytics, etc. They process data on our behalf and under our instructions.
  • Clients when you use the platform as a client (e.g. if data is shared under contract) or where you are a client or user of someone who is our client.
  • Legal/regulatory authorities when required by law or to protect rights, property, safety.
  • Acquisitions / Business transfers — if we merge, are acquired, or sell part of our business, your data may be transferred (but we'll require protections).

We may also share anonymised or aggregated data which does not identify you.

7. International Transfers

As Summertown Software LLP operates globally (or may use cloud / hosting / third-party services in different countries), your personal data may be transferred to, stored in, or processed in countries other than your country of residence.

We will ensure such transfers are lawful by using:

  • Standard contractual clauses or other legal safeguards;
  • Ensuring recipients provide adequate protection;
  • Data location options/region selection where feasible;
  • Encryption and other technical measures.

8. Data Security

We implement reasonable and appropriate technical and organisational measures to protect your personal data from unauthorized access, loss, disclosure or alteration, including:

  • Access controls and permissions;
  • Encryption in transit and where appropriate at rest;
  • Secure data storage;
  • Monitoring and auditing of systems;
  • Incident/breach response procedures.

If there is a data breach and a notification is required under applicable law, we will notify affected users and authorities as needed.

9. Data Retention

We will retain your personal data only as long as needed for the purposes for which it was collected, including:

  • While your account is active;
  • For as long as necessary to comply with contractual and legal obligations;
  • For audit, tax, regulatory, diagnostic, security and internal governance purposes;
  • Possible longer retention if required for dispute resolution, enforcing agreements, or if permitted under law.

Once data is no longer needed, we will securely delete or anonymise it.

10. Your Rights

Depending on the law in your jurisdiction, you may have the following rights:

  • Request access to your data;
  • Request correction/update of your data;
  • Request deletion ("right to be forgotten") where applicable;
  • Object to or restrict certain processing (e.g. marketing, profiling, data not needed for service);
  • Withdraw consent at any time (where processing is based on consent);
  • Portability of data (i.e. to receive your data in a structured, machine-readable format);
  • Lodge a complaint with your local data protection authority.

We may need to verify your identity before fulfilling such requests. We try to respond within legal timeframes (often within one month). If a request is complex, it may take longer, in which case we'll keep you informed.

11. Cookies & Tracking Technologies

We use cookies and similar technologies (such as web beacons, analytics pixels) to:

  • Understand user interactions with our website;
  • Improve user experience;
  • Support performance and security;
  • Provide analytics (traffic, usage patterns etc.).

You can control cookies via your browser settings and via any cookie consent banner / settings on our website.

12. Change of Purpose

If we need to use your personal data for a purpose other than for which it was collected, we will let you know beforehand and ensure the legal basis is valid. We will also take reasonable steps to ensure the new use is compatible with the original purpose.

13. Minors

Our services are not intended for children under [e.g. 16] (or as required under applicable law). We do not knowingly collect data from minors; if we become aware that we have done so, we will take steps to remove it.

14. Contact & Complaints

If you have questions, concerns or want to make a request:

Contact our DPO at admin@holbox.ai

If dissatisfied, you may contact the supervisory authority in your jurisdiction.

15. Miscellaneous

  • Fees for data requests: Usually free; in certain jurisdictions, if the request is unfounded, excessive, or repetitive, a reasonable fee may apply.
  • Time to respond: We aim to respond to your rights requests within applicable law (often one month), unless complex.
  • Accuracy of your data: Please keep us informed when your personal data changes.